Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.
However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.
Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.
Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.
Users of Oracle’s growing family of cloud services may also be able to breathe easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.
Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.
Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.
Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.
The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.
A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.
“I think you’ll see wide-area, high-bandwidth [smart]watches this year at some point,” said Glenn Lurie, president of emerging devices at AT&T, in an interview.
The company has a group working in Austin, Texas, on thousands of wearable-device prototypes, and is also looking at certifying third-party devices for use on its network, Lurie said.
“A majority of stuff you’re going to see today that’s truly wearable is going to be in a watch form factor to start,” Lurie said. If smartwatch use takes off — “and we believe it can,” Lurie said — then those devices could become hubs for wearable computing.
Right now smartwatches lack LTE capabilities, so they are largely reliant on smartphones for apps and notifications. With a mobile broadband connection, a smartwatch becomes an “independent device,” Lurie said.
“We’ve been very, very clear in our opinion that a wearable needs to be a stand-alone device,” Lurie said.
AT&T and Filip Technologies in January released the Filip child tracker wristwatch, which also allows a parent to call a child over AT&T’s network. Filip could be improved, but those are the kind of wearable products that AT&T wants to bring to market.
Wearables for home health care are also candidates for LTE connections, Lurie said, but fitness trackers may be too small for LTE connectivity, at least for now.
Lurie couldn’t say when smartglasses would be certified to work on AT&T’s network. Google last year said adding cellular capabilities to its Glass eyewear wasn’t in the plans because of battery use. But AT&T is willing to experiment with devices to see where LTE would fit.
“It’s one thing if I’m buying it to go out for a job, it’s another thing if I’m going to wear it everyday. Those are the things people are debating right now — how that’s all going to come out,” Lurie said. “There’s technology and there’s innovation happening, and those things will get solved.”
Lurie said battery issues are being resolved, but there are no network capacity issues. Wearable devices don’t use too much bandwidth as they relay short bursts of information, unless someone is, for instance, listening to Pandora radio on a smartwatch, Lurie said.
But AT&T is building out network capacity, adding Wi-Fi networks, and virtualizing networks to accommodate more devices.
“We don’t have network issues, we don’t have any capacity issues,” Lurie said. “The key element to adding these devices is a majority of [them] aren’t high-bandwidth devices.”
AT&T wants to make wearables work with its home offerings like the Digital Life home automation and security system. AT&T is also working with car makers for LTE integration, with wearables interacting with vehicles to open doors and start ignitions.
Canonical has announced its latest milestone server release, Ubuntu 14.04 LTS.
The company, which is better known for its open source Ubuntu Linux desktop operating system, has been supplying a server flavor of Ubuntu since 2006 that is being used by Netflix and Snapchat.
Ubuntu 14.04 Long Term Support (LTS) claims to be the most interoperable Openstack implementation, designed to run across multiple environments using Icehouse, the latest iteration of Openstack.
Canonical product manager Mark Baker told The INQUIRER, “The days of denying Ubuntu are over, and the cloud is where we can make a difference.”
Although Canonical regularly issues incremental releases of Ubuntu, LTS releases such as this one represent landmarks for the operating system, which only come about every two years. LTS releases are also supported for a full five years.
New in this Ubuntu 14.04 LTS release are Juju and Maas orchestration and automation tools and support for hyperscale ARM 64-bit computing such as the server setup recently announced by AMD.
Baker continued, “We’re not an enterprise vendor in the traditional sense. We’ve got a pretty good idea of how to do it by now. Openstack is gaining a more formal status as enterprise evolves to adopt cloud based solutions, and we are making a commitment to support it.
“Openstack Iceberg is also considered LTS and as such will be supported for five years.”
Scalability is another key factor. Baker said, “We look at performance. For the majority of our customers it’s about efficiency – how rapidly we can scale up and scale in, and that’s something Ubuntu does incredibly well.”
Ubuntu 14.04 LTS will be available to download from Thursday.
Security experts from Germany’s Security Research Labs have broken into Samsung’s fingerprint technology by taking a fingerprint smudge from the smartphone and creating a “wood glue dummy” finger with it. Apparently the S5 falls for the fault every time.
The problem is that because the scanner has such a high trust rating within the phone, any thief will also have access to the owner’s PayPal account. Neither of these actions requires an additional password to be entered. PayPal has said that while it was taking the findings from Security Research Labs seriously, it was confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.
The scan unlocks a secure cryptographic key that serves as a password replacement for the phone; this key can be deactivated from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens.
However, you would think someone would have learnt by now: a similar method was used to break the iPhone 5S’ fingerprint scanner last year. A better method was to cut the iPhone owner’s finger off. It was more messy but a lot more satisfying. There is a video of German researchers figuring out ways of making your phone talk after the break.
It’s becoming more obvious lately that Intel and Microsoft are no longer joined at the hip. Intel is trying desperately to make a dent in the tablet market, and with Windows struggling on those devices, Android is where it’s at.
Intel hopes to see its processors used in 40 million tablets this year, and 80% to 90% of those will be running Google’s Android OS, CEO Brian Krzanich said on Tuesday.
“Our mix of OSes reflects pretty much what you see in the marketplace,” Krzanich said during Intel’s quarterly earnings call.
Most Intel-powered tablets running Android today use the older Medfield and Clover Trail+ chips. More Android tablets running the latest Atom processor, called Bay Trail, will ship later this quarter.
That’s not to say Intel is abandoning Windows — far from it. It’s just going where the market is today. Krzanich said he expects Windows to “grow and gain traction,” and more Intel-based tablets running both Android and Windows will be shown in June at the massive Computex trade show in Taipei.
The first Android-based Bay Trail tablet, the DreamTab, was announced in January, but it hasn’t shipped yet.
Intel is chasing ARM, the U.K. company whose processor designs are used in most tablets today, including those running both Android and Apple’s iOS.
The 40 million Intel tablets that will ship this year will give the company 15% to 20% of the tablet market, Intel CFO Stacy Smith said on the earnings call.
Intel is providing discounts and development funds to tablet makers to reduce the cost of using its chips. It’s looking for growth with the white-box Chinese tablet makers, which are expected to ship up to 130 million tablets this year.
Intel chips are available in some tablets now priced under $99, but most will be priced between $125 and $250, Krzanich said.
Microsoft hasn’t made much of a dent yet in Google’s and Apple’s share of the market, but IDC estimated last month that Windows would have 10.2% of the tablet market by 2017. Dell, Toshiba, Lenovo and Hewlett-Packard have launched Windows 8 tablets with Bay Trail, and Microsoft’s own Surface Pro 2 uses an Intel Core processor, but the tablets haven’t sold well.
“All spots in the Explorer Program have been claimed for now, but if you missed it this time, don’t worry,” the Google Glass team wrote on its blog on Wednesday.
“We’ll be trying new ways to expand the Explorer program in the future.”
Google did not respond to a request for more information, but an earlier post about the one-day sale spoke of brisk sales of the $1,500 Internet-enabled headset.
“We’ve sold out of Cotton (white), so things are moving really fast,” the team wrote.
Aside from the white version, Glass was being offered in shades marketed as Charcoal, Tangerine, Shale (grey) and Sky (blue). Buyers had the choice of their favorite shade or frame. Google announced the one-day sale available to all U.S. residents over 18 last week, adding it wasn’t ready to bring the gizmo to other countries. Shoppers who missed it have to sign up for updates at the Glass website.
Only a few thousand early adopters and developers had Glass before the one-day sale, which coincided with a major software update for the heads-up display that put video calling on hold.
An official launch of Google Glass may happen later this year.
The Red Hat Summit kicked off in San Francisco on Tuesday, and continued today with a raft of announcements.
Red Hat launched a new fork of Red Hat Enterprise Linux (RHEL) with the title “Atomic Host”. The new version is stripped down to enable lightweight deployment of software containers. Although the mainline edition also supports software containers, this lightweight version improves portability.
This is part of a wider Red Hat initiative, Project Atomic, which also sees virtualisation platform Docker updated as part of the ongoing partnership between the two organisations.
Red Hat also announced a release candidate (RC) for Red Hat Enterprise Linux 7. The beta version has already been downloaded 10,000 times. The Atomic Host fork is included in the RC.
Topping all that is the news that Red Hat’s latest stable release, RHEL 6.5, has been deployed at the Organisation for European Nuclear Research – better known as CERN.
The European laboratory, which houses the Large Hadron Collider (LHC) and was the birthplace of the World Wide Web, has rolled out the latest versions of Red Hat Enterprise Linux, Red Hat Enterprise Virtualisation and Red Hat Technical Account Management. Although Red Hat has a long history with CERN, this has been a major rollout for the facility.
The logging server of the LHC is one of the areas covered by the rollout, as are the financial and human resources databases.
The infrastructure comprises a series of dual socket servers, virtualised on Dell Poweredge M610 servers with up to 256GB RAM per server and full redundancy to prevent the loss of mission critical data.
Niko Neufeld, deputy project leader at the Large Hadron Collider, said, “Our LHCb experiment requires a powerful, very reliable and highly available IT environment for controlling and monitoring our 70 million CHF detectors. Red Hat Enterprise Virtualization is at the core of our virtualized infrastructure and complies with our stringent requirements.”
Other news from the conference includes the launch of Openshift Marketplace, allowing customers to try solutions for cloud applications, and the release of Red Hat Jboss Fuse 6.1 and Red Hat Jboss A-MQ 6.1, which are standards-based integration and messaging products designed to manage everything from cloud computing to the Internet of Things.
MediaTek has shown off one of its most interesting SoC designs to date at the China Electronic Information Expo. The MT6595 was announced a while ago, but this is apparently the first time MediaTek showcased it in action.
It is a big.LITTLE octa-core with integrated LTE support. It has four Cortex A17 cores backed by four Cortex A7 cores and it can hit 2.2GHz. The GPU of choice is the PowerVR G6200. It supports 2K4K video playback and recording, as well as H.265. It can deal with a 20-megapixel camera, too.
The really interesting bit is the modem. It can handle TD-LTE/FDD-LTE/WCDMA/TD-SCDMA/GSM networks, hence the company claims it is the first octa-core with on board LTE. Qualcomm has already announced an LTE-enabled octa-core, but it won’t be ready anytime soon. The MT6595 will – it is expected to show up in actual devices very soon.
Of course, MediaTek is going after a different market. Qualcomm is building the meanest possible chip with four 64-bit Cortex A57 cores and four A53 cores, while MediaTek is keeping the MT6595 somewhat simpler, with smaller 32-bit cores.
The revisions more explicitly spell out the manner in which Google software scans users’ emails, both when messages are stored on Google’s servers and when they are in transit, a controversial practice that has been at the heart of litigation.
Last month, a U.S. judge decided not to combine several lawsuits that accused Google of violating the privacy rights of hundreds of millions of email users into a single class action.
Users of Google’s Gmail email service have accused the company of violating federal and state privacy and wiretapping laws by scanning their messages so it could compile secret profiles and target advertising. Google has argued that users implicitly consented to its activity, recognizing it as part of the email delivery process.
Google spokesman Matt Kallman said in a statement that the changes “will give people even greater clarity and are based on feedback we’ve received over the last few months.”
Google’s updated terms of service added a paragraph stating that “our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
The Intel Education 2-in-1 hybrid has a 10.1-inch screen that can detach from a keyboard base to turn into a tablet. Intel makes reference designs, which are then replicated by device makers and sold to educational institutions.
The 2-in-1 has a quad-core Intel Atom processor Z3740D, which is based on the Bay Trail architecture. The battery lasts about eight hours in tablet mode, and three more hours when docked with the keyboard base, which has a second battery.
Intel did not immediately return requests for comment on the estimated price for the hybrid or when it would become available.
Education is a hotly contested market among computer makers, as Apple pushes its iPads and MacBooks while PC makers like Dell, Hewlett-Packard and Lenovo hawk their Chromebooks.
Some features in the Intel 2-in-1 are drawn from the company’s Education tablets, which also run on Atom processors, but have the Android OS.
The 2-in-1 hybrid has front-facing and rear-facing cameras, and a snap-on magnification lens that allows students to examine items at a microscopic level.
The computer can withstand a drop of 70 centimeters, a feature added as protection for instances in which children mishandle laptops and let them fall. The keyboard base also has a handle.
The screen can be swiveled and placed on the keyboard, giving it the capability of a classic convertible laptop. This feature has been drawn from Intel’s Classmate series of education laptops.
The 2-in-1 has software intended to make learning easier, including tools for the arts and science. Intel’s Kno app provides access to 225,000 books. Typically, some of the books available via Kno are free, while others are fee-based.
Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.
Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.
Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.
Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.
Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
He said mobile app developers have time to figure out which products are vulnerable and fix them.
“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp and Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.
For a trial that centers on smartphones and the technology they use, it’s more than a little ironic. The entire case might not even be taking place if the market weren’t so big and important, but everyone’s constant need for connectivity is causing problems in the court, hence the new sign.
The problems have centered on the system that displays the court reporter’s real-time transcription onto monitors on the desks of Judge Lucy Koh, the presiding judge in the case, and the lawyers of Apple and Samsung. The system, it seems, is connected via Wi-Fi and that connection keeps failing.
“We have a problem,” Judge Koh told the courtroom on April 4, soon after the problem first appeared. Without the system, Koh said she couldn’t do her job, so if people didn’t shut off electronics, she might have to ban them from the courtroom.
In many other courts, electronic devices are routinely banned, but the Northern District of California and Judge Koh have embraced technology more than most. While reporters and spectators are limited to a pen and paper in courts across the country, the court here permits live coverage through laptops and even provides a free Wi-Fi network.
On Monday, the problems continued and Judge Koh again asked for all cellphones to be switched off.
But not everyone listened. A scan of the courtroom revealed at least one hotspot hadn’t been switched off: It was an SK Telecom roaming device from South Korea, likely used by a member of Samsung’s team.
The hotspot was switched off by the end of the day, but on Tuesday there were more problems.
“You. Ma’am. You in the front row,” Judge Koh said sternly during a break. She’d spotted an Apple staffer using her phone and made the culprit stand, give her name and verbally agree not to use the handset again in court.
As a result of all the problems, lawyers for Apple and Samsung jointly suggested using a scheduled two-day break in the case to hardwire the transcription computers to the court’s network.
The cable wasn’t installed.
“I believe there were some issues. We’re attempting to install it,” one of the attorneys told IDG News Service during the court lunch break.
So for now, the problems continue.
The clerk opened the day with an appeal to switch phones off, “not even airplane mode.”
That still didn’t help.
The transcription screens failed at 9:09 a.m., just minutes into the first session of the morning.
Microsoft terminated Windows XP support on Tuesday when it shipped the final public patches for the nearly-13-year-old operating system. Without patches for vulnerabilities discovered in the future, XP systems will be at risk from cyber criminals who hijack the machines and plant malware on them.
During an IRS budget hearing Monday before the House Financial Services and General Government subcommittee, the chairman, Rep. Ander Crenshaw (R-Fla.), wondered why the agency had not wrapped up its Windows XP-to-Windows 7 move.
“Now we find out that you’ve been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014,” Crenshaw said at the hearing. “I know you probably wish you’d already done that.”
According to the IRS, it has approximately 110,000 Windows-powered desktops and notebooks. Of those, 52,000, or about 47%, have been upgraded to Windows 7. The remainder continue to run the aged, now retired, XP.
John Koskinen, the commissioner of the IRS, defended the unfinished migration, saying that his agency had $300 million worth of IT improvements on hold because of budget issues. One of those was the XP-to-7 migration.
“You’re exactly right,” Koskinen said of Crenshaw’s point that everyone had fair warning of XP’s retirement. “It’s been some time where people knew Windows XP was going to disappear.”
But he stressed that the migration had to continue. “Windows XP will no longer be serviced, so we are very concerned if we don’t complete that work we’re going to have an unstable environment in terms of security,” Koskinen said.
According to Crenshaw, the IRS had previously said it would take $30 million out of its enforcement budget to finish the migration.
Part of that $30 million will be payment to Microsoft for what the Redmond, Wash. developer calls “Custom Support,” the label for a program that provides patches for critical vulnerabilities in a retired operating system.
Analysts noted earlier this year that Microsoft had dramatically raised prices for Custom Support, which previously had been capped at $200,000 per customer for the first year. Instead, Microsoft negotiates each contract separately, asking for an average of $200 per PC for the first year of Custom Support.
Using that average — and the number of PCs the IRS admitted were still running XP — the IRS would pay Microsoft $11.6 million for one year of Custom Support.
The remaining $18.4 million would presumably be used to purchase new PCs to replace the oldest ones running XP. If all 58,000 remaining PCs were swapped for newer devices, the IRS would be spending an average of $317 per system.
Facebook released its second government requests report covering the second half of 2013, and it expands its scope from the first one in two ways. First, it includes requests to restrict or remove users’ content from the site, whereas the first report was limited to requests for account information. And second, the report now includes data on Instagram, the photo sharing site owned by Facebook.
Facebook is not breaking out the number of Instagram requests; they’re included in the overall tallies. But Instagram’s inclusion speaks to the popularity of the service, which Facebook acquired in 2012 but didn’t include in its government requests report for the first half of 2013.
The report includes data on government requests to receive data about Instagram accounts and to restrict access to its content.
Facebook receives requests to restrict or remove content based on countries’ laws over what can be shared online. When the request is legally sound, Facebook restricts access to content in the specific country whose government objected to it. If Facebook also determines that the flagged content violates its own standards, it removes the content globally. Separately, Facebook also receives requests for account information and data, many of which relate to criminal cases such as robberies or kidnappings.
Facebook does not hand over data every time it receives a government request — sometimes the requests are overly broad or vague, or do not comply with legal standards, the company says.
In the U.S., Facebook received about 12,600 law enforcement requests in the second half of 2013, up from the range of 11,000-12,000 it tallied in its first report. For the second half of 2013, Facebook said it produced data for about 81 percent of the requests.
Regarding U.S. government requests about national security matters, Facebook reported it may have received none or as many as 999, saying it couldn’t be more specific due to U.S. legal restrictions.
Governments in other countries across the world are also interested in Facebook users’ data. India ranked second behind the U.S. with about 3,600 requests targeting more than 4,700 accounts. Facebook produced data for roughly half of those requests.
More than 1,900 requests came from the U.K., while the governments of France, Germany and Italy each served Facebook with more than 1,600 data requests.
Besides Facebook, other companies like Yahoo, Google and Microsoft periodically release their own government request reports, as part of an effort to be more transparent to users. The tallies have taken on increased significance following leaks about U.S. government surveillance made by former contractor Edward Snowden.
The Internet retailer would jump into a crowded market dominated by Apple Inc and Samsung Electronics Co Ltd.
The company has recently been demonstrating versions of the handset to developers in San Francisco and Seattle. It intends to announce the device in June and ship to stores around the end of September, the newspaper cited the unidentified sources as saying.
Amazon has made great strides into the hardware arena as it seeks to boost sales of digital content and puts its online store in front of more users. Amazon recently launched its $99 Fire TV video-streaming box and its Kindle e-readers and Fire tablets already command respectable U.S. market share after just a few years on the market.
Rumors of an Amazon-designed smartphone have circulated for years, though executives have previously played down ambitions to leap into a heavily competitive and increasingly saturated market.
Apple and Samsung, which once accounted for the lion’s share of the smartphone market, are struggling to maintain margins as new entrants such as Huawei and Lenovo target the lower-income segment.
To stand out from the crowd, Amazon intends to equip its phones with screens that display three-dimensional images without a need for special glasses, the Journal said.
Amazon officials were not immediately available for comment.